diff options
author | Nick Mathewson <nickm@torproject.org> | 2007-02-12 19:56:07 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2007-02-12 19:56:07 +0000 |
commit | d884f345a4f7e3f27e0b9e1ed83e54cacde9aae4 (patch) | |
tree | 0986e8860f13a893e166c368d2ccd344ed21309c /proposals/106-less-tls-constraint.txt | |
parent | 77d040439b787556aab4979789eddc66c6964abd (diff) | |
download | torspec-d884f345a4f7e3f27e0b9e1ed83e54cacde9aae4.tar.gz torspec-d884f345a4f7e3f27e0b9e1ed83e54cacde9aae4.zip |
r11767@catbus: nickm | 2007-02-12 14:56:03 -0500
Mark proposal 106 accepted.
svn:r9567
Diffstat (limited to 'proposals/106-less-tls-constraint.txt')
-rw-r--r-- | proposals/106-less-tls-constraint.txt | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/proposals/106-less-tls-constraint.txt b/proposals/106-less-tls-constraint.txt index d9c6325..0c71d6c 100644 --- a/proposals/106-less-tls-constraint.txt +++ b/proposals/106-less-tls-constraint.txt @@ -4,7 +4,7 @@ Version: $Revision: 12105 $ Last-Modified: $Date: 2007-01-30T07:50:01.643717Z $ Author: Nick Mathewson Created: -Status: Open +Status: Accepted Overview: @@ -71,6 +71,7 @@ a client and don't treat them as a server. great. -rd] there's really no harm in letting every router have any commonName it wants. [this is the better choice -rd] +[agreed. -nm] REMAINING WAYS TO RECOGNIZE CLIENT->SERVER CONNECTIONS: @@ -91,8 +92,8 @@ If we stop verifying the above requirements: server running TLS, and believe that you're talking to a Tor server (until you send the first cell). - It will be far easier for non-Tor SSL clients to accidentally to Tor servers - and speak HTTPS or whatever to them. + It will be far easier for non-Tor SSL clients to accidentally connect to + Tor servers and speak HTTPS or whatever to them. If, in a later release, we have clients not send certificates, and we make DNs less recognizable: @@ -104,5 +105,8 @@ DNs less recognizable: If clients don't send certs, they look slightly less like servers. +OTHER SPEC CHANGES: - +When a client doesn't give us an identity, we should never extend any +circuits to it (duh), and we should allow it to set circuit ID however it +wants. |